# Sentinel
**Advanced Interactive Web Path Discovery Tool**
**ek0ms savi0r**
Sentinel is a feature-rich, interactive command-line tool for web path enumeration and directory discovery. It combines asynchronous scanning with comprehensive reporting capabilities.
---
## Disclaimer
**IMPORTANT**: Unauthorized scanning of systems you do not own or lack explicit written permission to test is illegal. This tool is intended for legitimate security assessments only. Users are solely responsible for complying with all applicable laws and regulations. The developer assumes no liability for misuse or damage caused by this tool.
---
## Features
- **Asynchronous Scanner** – High-performance concurrent requests with connection pooling
- **Recursive Scanning** – Automatically discovers and scans subdirectories up to specified depth
- **Smart Hit Detection** – Tracks full redirect chains and counts hits appropriately
- **Wildcard Detection** – Identifies and filters catch-all responses automatically
- **Content Fingerprinting** – MD5 hashing to identify and filter duplicate pages
- **Flexible Filtering** – Filter by status codes, content sizes, and regex patterns
- **Multiple HTTP Methods** – Support for GET, POST, HEAD, and other methods
- **Rate Limiting & Delays** – Control request rate to avoid overwhelming servers
- **Network Information** – Displays local interface, IP, MAC, and gateway
- **Military-Grade Reports** – Comprehensive executive summaries with risk assessment
- **Multiple Output Formats** – Save results as text, JSON, or CSV
- **Clipboard Support** – Optional paste functionality for URLs
---
## Installation
### Step 1: Clone the Repository
```bash
git clone https://github.com/ekomsSavior/Sentinel.git
cd Sentinel
```
### Step 2: Install Required Dependencies
```bash
pip3 install aiohttp aiofiles tqdm colorama
```
Optional but recommended for full features:
```bash
pip3 install pyperclip netifaces
```
### Step 3: Make the Script Executable (Optional)
```bash
chmod +x sentinel.py
```
You can now run the tool directly from the Sentinel directory.
---
## Usage
### Basic Execution
```bash
python3 sentinel.py
```
The tool is fully interactive. After launching, you will be guided through a series of prompts to configure your scan.
### Interactive Configuration Prompts
| Prompt | Description |
|--------|-------------|
| Target URL | The base URL to scan (must start with http:// or https://) |
| Wordlist path | Path to your wordlist file (e.g., /usr/share/wordlists/dirb/common.txt) |
| Concurrent requests | Number of simultaneous connections (default: 50) |
| Max requests per second | Rate limiting (0 = unlimited) |
| Delay between requests | Pause between requests in seconds |
| Request timeout | Maximum wait time per request in seconds |
| HTTP method | GET, POST, HEAD, etc. (default: GET) |
| Custom headers | Add headers like "User-Agent: Sentinel/1.0" |
| Cookie data | Session cookies for authenticated scans |
| File extensions | Append extensions like php,html,asp |
| Match codes | Only show specific status codes (e.g., 200,301) |
| Filter codes | Exclude specific status codes (e.g., 404) |
| Filter sizes | Exclude specific content sizes (e.g., 0,1234) |
| Regex filter | Filter URLs by path pattern |
| Recursive scanning | Enable/disable subdirectory discovery |
| Max recursion depth | How deep to scan (if recursive enabled) |
| Content fingerprinting | Enable MD5 duplicate detection |
| Save results | Output file path (optional) |
| Output format | text, json, or csv |
| Generate report | Create executive summary |
### Example Session
```bash
python3 sentinel.py
--- Configuration ---
[?] Enter target URL: https://example.com
[?] Path to wordlist file: /usr/share/wordlists/dirb/common.txt
[?] Concurrent requests (default 50): 100
[?] Max requests per second (0 for unlimited): 50
[?] Delay between requests in seconds: 0
[?] Request timeout in seconds (default 10): 5
[?] HTTP method (GET/POST/HEAD/etc.) [GET]: GET
[?] File extensions to try: php,html
[?] Enable recursive directory scanning? (y/N): y
[?] Maximum recursion depth (default 2): 2
[?] Enable content fingerprinting? (Y/n): Y
[?] Generate executive report? (Y/n): Y
--- Starting Scan ---
[*] Loaded 4614 base words
[*] Wildcard baseline: Status 404, Size 162
Scanning depth 0: 100%|████████████| 13842/13842 [00:45<00:00, 304.21req/s]
[+] https://example.com/admin/ (Status: 403, Size: 294)
[+] https://example.com/robots.txt (Status: 200, Size: 126)
...
[*] Scan completed. Found 23 interesting items.
[+] Report saved to: /home/user/sentinel_reports/example.com_20250309_143022.txt
```
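
The `Wildcard baseline` line in the session above is what lets catch-all responses be discarded before results are reported. The following added example (not Sentinel's own code; the `Response` type, function names, `size_tolerance` parameter and all sample data are constructed for illustration) shows one common way to combine a status/size baseline with MD5 body fingerprints, including a catch-all page whose size varies because it echoes the requested path.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Response:
    url: str
    status: int
    body: bytes

def fingerprint(body: bytes) -> str:
    # MD5 serves only as a duplicate-content fingerprint here, not as a security control.
    return hashlib.md5(body).hexdigest()

def build_baseline(probes):
    """(status, size, md5) of responses to random paths that cannot exist."""
    return {(r.status, len(r.body), fingerprint(r.body)) for r in probes}

def filter_hits(responses, baseline, size_tolerance=0):
    """Drop catch-all responses and repeated bodies; return the remaining hits."""
    seen, hits = set(), []
    for r in responses:
        digest, size = fingerprint(r.body), len(r.body)
        is_wildcard = any(
            r.status == b_status
            and (digest == b_md5 or abs(size - b_size) <= size_tolerance)
            for b_status, b_size, b_md5 in baseline
        )
        if is_wildcard or digest in seen:
            continue
        seen.add(digest)
        hits.append(r)
    return hits

# Constructed data: a server that answers 200 to everything and echoes the path.
def soft_404(path: str) -> Response:
    body = b"<html><body><h1>Not found</h1><p>" + path.encode() + b"</p></body></html>"
    return Response(path, 200, body)

HOME = b"<html><body>" + b"Welcome. " * 20 + b"</body></html>"
BASELINE = build_baseline([soft_404("/zq81kd03"), soft_404("/p0x7mmra2v")])
RESPONSES = [
    Response("/admin/", 403, b"Forbidden"),
    Response("/robots.txt", 200, b"User-agent: *\nDisallow: /admin/\n"),
    soft_404("/backup"),                  # catch-all page, size varies with path
    Response("/index.html", 200, HOME),
    Response("/index.php", 200, HOME),    # same body as /index.html
]

if __name__ == "__main__":
    for hit in filter_hits(RESPONSES, BASELINE, size_tolerance=4):
        print(hit.status, hit.url, len(hit.body), fingerprint(hit.body))
```

With `size_tolerance=0` the echoed `/backup` page slips through as a false positive; widening the tolerance removes it but can also hide a real page of nearly the same size.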
### Using with Proxychains
For anonymity or routing through proxy chains:
```bash
proxychains python3 sentinel.py
```
### Wordlist Recommendations
For optimal results, use comprehensive wordlists:
- **SecLists**: `git clone https://github.com/danielmiessler/SecLists.git`
- **Kali default**: `/usr/share/wordlists/dirb/common.txt`
- **Dirbuster**: `/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt`
---
## Output and Reporting
### Raw Results
If you specify an output file, results are saved in your chosen format (text, JSON, or CSV) with full details including redirect chains and timestamps.
### Executive Reports
Military-grade reports are automatically saved to `~/sentinel_reports/` with filenames formatted as `target_timestamp.txt`. Each report includes:
- Scan metadata (target, duration, parameters)
- Local network information
- Findings grouped by status code
- Risk assessment (Critical, High, Medium, Low)
- Detailed findings with redirect chains and hashes
- Timestamps for all discoveries
Example report excerpt:
```
================================================================================
SENTINEL EXECUTIVE REPORT
================================================================================
Report generated: 2025-03-09 14:30:22
Target: https://example.com
Wordlist: /usr/share/wordlists/dirb/common.txt
Scan duration: 0:01:23.456789
--- NETWORK INFO ---
Interface: wlan0
IP Address: 10.0.0.124
MAC Address: 9c:4e:36:c1:e7:f4
Gateway: 10.0.0.1
--- FINDINGS SUMMARY ---
Total interesting items: 23
By status code:
200: 5
301: 8
403: 6
401: 4
--- RISK ASSESSMENT ---
Critical (accessible resources): 5
High (redirects): 8
Medium (authentication required, forbidden): 10
Low (server errors): 0
```
---
## Performance Considerations
- **Concurrency**: Start with 50 concurrent requests and adjust based on target responsiveness
- **Rate Limiting**: Use on production systems to avoid detection or service disruption
- **Timeouts**: Shorter timeouts (3-5 seconds) speed up scans but may miss slow responses
- **Wordlist Size**: Larger wordlists increase coverage but increase scan time proportionally
---
## Troubleshooting
| Issue | Solution |
|-------|----------|
| "Module not found" errors | Install missing dependencies with pip3 |
| No results found | Try a larger wordlist; verify target is reachable; check filters |
| Scan too slow | Increase concurrency, reduce delay, disable rate limiting |
| Too many false positives | Enable wildcard detection and fingerprinting |
| SSL certificate errors | Target may have an invalid certificate; consider using http:// or ignoring certificate errors (not recommended) |
---
## Legal and Ethical Guidelines
1. **Always obtain written authorization** before scanning any system
## License
MIT License
Copyright (c) 2026 ek0mssavi0r
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
USE AT YOUR OWN RISK. NO WARRANTY PROVIDED.